diff --git a/doc/sudo_plugin.pod b/doc/sudo_plugin.pod index 3b2673cc8..d74ea22f2 100644 --- a/doc/sudo_plugin.pod +++ b/doc/sudo_plugin.pod @@ -192,6 +192,11 @@ C environment variable to the target user's home directory. Set to true if the user specified the C<-E> flag, indicating that the user wishes to preserve the environment. +=item user_shell=bool + +Set to true if the user specified the C<-s> flag, indicating that +the user wishes to run a shell. + =item login_shell=bool Set to true if the user specified the C<-i> flag, indicating that diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 7eac3cd79..39fab7477 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -1162,6 +1162,11 @@ deserialize_info(char * const settings[], char * const user_info[]) SET(flags, MODE_PRESERVE_ENV); continue; } + if (MATCHES(*cur, "user_shell=")) { + if (atobool(*cur + sizeof("user_shell=") - 1) == TRUE) + SET(flags, MODE_SHELL); + continue; + } if (MATCHES(*cur, "login_shell=")) { if (atobool(*cur + sizeof("login_shell=") - 1) == TRUE) { SET(flags, MODE_LOGIN_SHELL); diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 35beb1516..7e5d56bba 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -124,7 +124,7 @@ struct sudo_user { /* Mode flags */ #define MODE_BACKGROUND 0x00010000 /* XXX - unused */ -#define MODE_SHELL 0x00020000 /* XXX - not set but is used */ +#define MODE_SHELL 0x00020000 #define MODE_LOGIN_SHELL 0x00040000 #define MODE_IMPLIED_SHELL 0x00080000 #define MODE_RESET_HOME 0x00100000 diff --git a/src/parse_args.c b/src/parse_args.c index b9dc2fd5d..cd057c9ca 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -80,33 +80,35 @@ static struct sudo_settings { { "runas_group" }, #define ARG_SET_HOME 5 { "set_home" }, -#define ARG_LOGIN_SHELL 6 +#define ARG_USER_SHELL 6 + { "user_shell" }, +#define ARG_LOGIN_SHELL 7 { "login_shell" }, -#define ARG_IGNORE_TICKET 7 +#define ARG_IGNORE_TICKET 8 { "ignore_ticket" }, -#define ARG_PROMPT 8 +#define ARG_PROMPT 9 { "prompt" }, -#define ARG_SELINUX_ROLE 9 +#define ARG_SELINUX_ROLE 10 { "selinux_role" }, -#define ARG_SELINUX_TYPE 10 +#define ARG_SELINUX_TYPE 11 { "selinux_type" }, -#define ARG_RUNAS_USER 11 +#define ARG_RUNAS_USER 12 { "runas_user" }, -#define ARG_PROGNAME 12 +#define ARG_PROGNAME 13 { "progname" }, -#define ARG_IMPLIED_SHELL 13 +#define ARG_IMPLIED_SHELL 14 { "implied_shell" }, -#define ARG_PRESERVE_GROUPS 14 +#define ARG_PRESERVE_GROUPS 15 { "preserve_groups" }, -#define ARG_NONINTERACTIVE 15 +#define ARG_NONINTERACTIVE 16 { "noninteractive" }, -#define ARG_SUDOEDIT 16 +#define ARG_SUDOEDIT 17 { "sudoedit" }, -#define ARG_CLOSEFROM 17 +#define ARG_CLOSEFROM 18 { "closefrom" }, -#define ARG_NET_ADDRS 18 +#define ARG_NET_ADDRS 19 { "network_addrs" }, -#define NUM_SETTINGS 19 +#define NUM_SETTINGS 20 { NULL } }; @@ -263,6 +265,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, SET(tgetpass_flags, TGP_STDIN); break; case 's': + sudo_settings[ARG_USER_SHELL].value = "true"; SET(flags, MODE_SHELL); break; case 'U':